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PATENT 
Atty Dkt. No. 032326-031 

PRE-CONTROL OF A PROGRAM IN AN ADDITIONAL 
CHIP CARD OF A TERMINAL 

This disclosure is based upon, and claims priority from, French patent 
application No. 99-07059, filed June 3, 1999, the contents of which are incorporated 
herein by reference. 

Field of the Invention 

This invention relates to securing application programs furnished by means 
of an additional chip card that can be inserted in a telecommunication terminal. For 
instance, the terminal can be a mobile radio telephone terminal, with a first card for 
the identification of the subscriber and communications with the telecommunication 
network, as well as an additional chip card reader. 

Background of the Invention 

In a cellular radio telephone network of the GSM type, provision is made for 
supplying the subscriber with application services based on the execution of 
application programs within SIM chip cards. These services are carried out by a 
standardized technology, commonly known as the SIM Application Toolkit. One 
particular feature, called pro-activity, makes it possible for the SIM card, while a 
program is being run, to address requests to the outside world: the terminal, the 
subscriber, and the network. 

For example, such application programs comprise menus for interrogating a 
bank server and conducting bank transactions from the terminal at a distance. The 
development of value-added service applications, executed in the SIM card, requires 
means for the distribution and maintenance of these applications during the course of 
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the subscription. This is possible by personalizing the SIM card with adequate 
programs prior to its being sent to the subscriber, or by remotely loading via radio or 
by loading these programs into the SIM card directly at the point of sale. 

The prior technique also provides for an additional chip card which is distinct 
from the SIM card and which can be inserted in the terminal or which can be linked 
to the terminal of the SIM card by an external reader. The second card is controlled 
by a program that is being carried out in the SIM card. The terminal performs a 
transparent role by simply transmitting the commands prepared by the SIM card to 
the second card. This exchange of commands is intended to develop services that 
will involve all types of chip cards. For example, the second card is a bank card that 
can thus offer remote payment services on the mobile terminal. 

The second card becomes a means for the distribution of applications by 
transporting programs performing value-added services, such as those one may find 
currently in the SIM card. 

The introduction of the second card in the terminal entails a drawback in that 
the application is no longer necessarily furnished by the operator of the network and 
thus not subject to authenticity checks. The second card does not contain any means 
for certifying its content through the terminal, the first card, or the network. 

Summary of the Invention 

The object of the invention is to reinforce security before and during the 
implementation of an application contained in an additional card and executable, 
notably by the first card of the terminal or through the terminal itself 

To this end, a process for pre-controlling the execution of a program, 
contained in a second chip card, inserted in a terminal, in addition to a first chip 
card, containing data tied to a telecommunication network to which the terminal is 
linked, is characterized in that it comprises an authentication of either the first or 
second cards by the other card prior to the execution of the program, as well as 
during it. 
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The authentication thus prevents the fraudulent use, pirating, and copying of 
an application program or programs in the second card. 

In keeping with the basic idea behind the invention, a second chip card is any 
card among a plurality of additional cards, containing different application 
5 programs, at the rate of one or several programs per second card, independently of 
the software for communicating between the latter, the first card, and the terminal. 

The plurality of second cards enables an operator to propose to his 
subscribers new services that are sold through a conventional distribution circuit, in 
the form of second cards to be inserted in the terminal, while maintaining control 
10 over the proposed services. 

According to a first embodiment, when the authentication entails an 
authentication of the second card by the first card, it can comprise the following 
phases: 

- applying a program identifier that is transmitted through the second card to 
15 the first card and a key with an algorithm contained in the first card so as to produce 

a result, and, 

- comparing the resuh and the certificate that is transmitted through the second 
card to the first card, to execute the program only when the two are equal. 

The authentication can then comprise a selection of the key in a table of keys 
20 contained in a first card as a fiinction of the program identifier. 

According to a second embodiment, when the authentication comprises an 
authentication of the second card by the first card, it can include the following 
phases: 

- transmitting a random number from the first card to the second card; 

25 - applying the random number transmitted and a key to an algorithm contained 

in the second card so as to produce a signature transmitted to the first card; 

- applying the random number and an algorithm key, contained in the first card 
so as to produce a result; and 
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- comparing the result to the signature transmitted in the first card so as to 
execute the program only when the two are equal. 

The authentication may then comprise a selection of the key in a table of 
keys contained in the first card as a function of a program identifier transmitted from 
5 the second card to the first card. 

When the authentication comprises an authentication of the first card by the 
second card, it may comprise the following phases according to a first embodiment: 

- transmitting a predetermined field of a number from the first card to the 
second card; 

10 - comparing the predetermined field to a number in the second card so as to 

execute the program or to read its content only when the two are equal. 

The predetermined field can then comprise at least the call sign of the 
telecommunication network contained in the identity number of the first card. 

When the authentication comprises an authentication of the first card by the 
15 second card, it may comprise the following phases in accordance with a second 
embodiment: 

- reading a random number from the first card into the second card; 
-applying the random number and an algorithm key contained in the first 

card so as to produce a signature transmitted to the second card; 
20 - applying the random number and an algorithm key contained in the second 

card so as to produce a result; and 

- comparing the result to the signature transmitted in the second card in order 
to execute the program or read its content only when the two are equal. 

The authentication may then comprise a selection of the key in a table of 
25 keys contained in the first card as a fimction of the program identifier transmitted 
from the second card to the first card. 

The process is more efficient when authentication is mutual between the first 
card and second cards. It comprises the following: 
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- either a first authentication of the second card by the first card and a second 
authentication of the first card by the second card which follows the first 
authentication when the second card is authenticated by the first card and which is 
followed by the execution of the program when the first card has been authenticated 
5 by the second card; or 

-a first authentication of the first card by the second card and a second 
authentication of the second card by the first card which follows the first 
authentication when the first card is authenticated by the second card and which is 
followed by the execution of the program when the second card is authenticated by 
10 the first card. 

All of the first cards are not necessarily to be authenticated by a second card 
and, reciprocally, all of the second cards are not necessarily to be authenticated by 
the first cards. In particular, at least a portion of the authentication can be executed 
only in response to a request for authentication transmitted from the second card to 
15 the first card. 

The first card cannot contain the material or software for participating in 
authentication. In this case, the process can comprise authentication phases executed 
in a telecommunication network server in response to a request from the first card. 
The execution of the program, be it done (at least partially) in the first card, or the 
20 terminal, or in the second card, requires a prior verification of the compatibility of 
these three entities. On that score, the process may comprise a reading of the 
characteristics for the execution of the program in the second card from the first card 
or the terminal in response to an introduction of the second card in a reading means 
linked to the terminal, and an analysis of characteristics, comparing the material and 
25 software capacities of the first card and/or the terminal to reject the second card 
when said characteristics are incompatible with the first card and/or the terminal. 

According to a preferred embodiment, the telecommunication network is a 
radio telephone network, the terminal is a mobile radio telephone terminal, and the 
first chip card is a subscriber identity card. However, according to other variants. 



the telecommunication network may simply be a switched telephone network or a 
digital service integration network or a specialized or private data transmission 
telephone network. 

Brief Description of the Drawings 

5 Other features and advantages of this invention will appear more clearly 

upon reading the following description of several preferred embodiments of the 
invention with reference to the attached corresponding drawings where: 

Figure 1 is a detailed block diagram of a cellular radio telephone network with 
a mobile terminal; 

10 Figure 2 is an algorithm of principal phases of the pre-control procedure for 

execution of the program according to the invention; 

Figure 3 is a mutual authentication algorithm of a first card and a second card, 
both of which are linked to the terminal; 

Figure 4 is an algorithm of a first authentication of the second card by the first 
15 card according to a first embodiment; 

Figure 5 is an algorithm of a first authentication of the second card by the first 
card according to a second embodiment; 

Figure 6 is an algorithm of a second authentication of a first card by the 
second card according to a first embodiment; and 
20 Figure 7 is an algorithm of a second authentication of a first card by the 

second card according to a second embodiment. 

Detailed Description 

By way of example, an embodiment of the invention will be described in the 
context of a telecommunication network of the digital cellular radio telephone 
25 network type RR of the GSM type, as shown in Figure 1 . A mobile radio telephone 
terminal TE of the radio telephone network comprises a first chip card CI, 
constituting a microprocessor module that can be removed from the terminal, as well 
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as a second chip card C2, called an additional application card, either linked to the 
terminal TE by means of a card reader distinct from the terminal, or housed in the 
terminal so that it can be removed. 

In Figure 1, network RR is shown in the form of a diagram by a mobile 
5 service switch MSG for the location zone where the mobile terminal TE is at a given 
instant, and a base station BTS linked to the switch MSG by a base station controller 
BSC and to a terminal TE via radio. The entities MSG, BSG and BTS principally 
constitute a fixed network through which are transmitted especially messages for 
signaling to semaphore channels, and control, data, and voice messages. The 

10 principal entity of the RR network that is capable of interacting with the first card in 
the terminal TE is the mobile service switch MSG, associated with a visitor location 
recorder VLR and linked to at least one autonomous routing telephone switch G AA 
of the switched telephone network RTG. The switch MSG handles communications 
for mobile visitor terminals, including the terminal TE, located at any given instant 

15 in the location zone serviced by the switch MSG. The base station control BSG in 
particular handles the allocation of channels to the mobile visitor terminals, and the 
base station BTS covers the radio communication cell where the terminal MS 
happens to be at a given instant. 

The radio telephone network RR also comprises a nominal location recorder 

20 HLR, linked to the recorders VLR and similar to a database. The recorder HLR 
contains, for each radio telephone terminal especially the international identity 
(IMSI) (International Mobile Subscriber Identity) of the first chip card Gl, called the 
SIM card (Subscriber Identity Module) included in the terminal TE, that is to say, 
the identity of the subscriber who is the owner of the SIM card, the subscription 

25 profile of the subscriber, and the number of recorder VLR to which the mobile 
terminal is temporarily attached. 

The terminal TE shown in detail in Figure 1, comprises a radio interface 30 
with the radio telephone network RR, comprising primarily a transmission and 
reception channel duplexer, frequency transposition circuits, analog-digital and 
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digital-analog converters, a modulator and demodulator, and a channel coding and 
decoding circuit. Terminal TE also comprises a word coding and decoding circuit 
3 1 , linked to a microphone 3 1 0 and a loudspeaker 3 1 1 , a microcontroller 32, 
associated with a nonvolatile program memory EEPROM 33 and a data memory 
5 RAM 34, and an input-output interface 35, servicing chip cards CI and C2, a 

keyboard 36, and a graphic display 37. Microcontroller 32 is linked by a bus BU to 
interface 30 to circuit 31, and to memories 33 and 34 and, by another bus BS, to the 
input-output interface 35. Microcontroller 32 handles all base band data processing 
that the terminal receives and transmits after frequency transposition, particularly 

10 relating to protocol layers 1, 2, and 3 of the ISO model and supervises exchanges of 
data between the network RR through radio interface 30 and first chip card CI 
through input-output interface 35. 

The SIM chip card CI is Unked to the input-output interface 35, including at 
least one card reader in the terminal and the peripheral connectors of the mobile 

15 terminal. Chip card CI mainly contains a microprocessor 10, a memory 1 1 of the 
ROM type, including a card processing system and specific algorithms for 
communication, application, and authentication according to the invention, a 
nonvolatile memory 12 of the EEPROM type, which contains all of the 
characteristics tied to the subscriber, in particular, the international subscriber 

20 identity IMSI, and a RAM- type memory 13, intended essentially for the processing 
of data to be received from microcontroller 32, included in the terminal, and the 
second card C2, and to be transmitted to them. 

As shown in Figure 1, an authentication server SA is optionally provided as 
an internal radio telephone network RR entity and is linked to one or several couples 

25 of mobile service switches MSC and visitor location recorder VLR through the 
signaling network of network RR. The address of the server SA is pre-stored in 
memory 12 of card CI. 

According to the invention, several software units are primarily remotely 
loaded into memories ROM 1 1 and EEPROM 12 to handle appUcations in additional 
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cards C2. In particular, the algorithm of the pre-control procedure according to the 
invention, shown in Figure 2, is implemented in memories 1 1 and 12. 

Just like SIM card CI, the second card C2 also comprises a microprocessor 
20, and ROM memory 21, including a system for the processing of card C2 and, at 
5 least partially, an application program PA and a specific authentication algorithm 
according to the invention, a nonvolatile type EEPROM memory 22, containing, 
according to the invention, an identifier IPA of the application program as well as 
characteristics CPA, required for the execution of the program, plus one or two 
authentication requests DAI and DA2, and RAM 23 memory that processes the data 

10 to be received from microcontroller 32 and from processor 10. Card C2, for 

example, can be a bank card, an electronic money card, a game card, or a business 
card; in the last case, the business card is intended to insert the name and telephone 
number of the person who sent the card in the telephone directory of the SIM card 
and/or to call said person automatically. 

15 The ROM and EEPROM memories 1 1, 12, 21 and 22, in cards CI and C2, 

comprise communication software for conducting a dialog, on the one hand, with 
microcontroller 32 of terminal TE, and, on the other hand, between processors 10 
and 20 through terminal TE, that is to say, through microcontroller 32 and input- 
output interface 35, 

20 To conduct a dialog between themselves, the SIM card CI and additional 

card C2 are of the proactive type so as to trigger actions in the mobile terminal MS 
by means of pre-formatted commands according to the "T=0" protocol of ISO 7816- 
3 and encapsulated according to recommendation GSM 11.14 (SIM Toolkit). This 
recommendation permits an extension of the set of commands of the operating 

25 system, included in the memory 11,21 of chip card CI, C2, to make available - to 
the other card C2, CI - data transmitted through chip card CI, C2. As described 
hereinafter, terminal TE can be transparent to certain exchanges of data between 
cards CI and C2, or it can communicate with one of the cards without 
communicating with the other card. 



-10- 

As shown in Figure 2, the pre-control procedure for the execution of an 
application program PA, contained in the second card C2, comprises four principal 
phases El to E4. Initially, the pre-control procedure is triggered in a phase EO either 
manually, by pushing a predetermined validation button on the keyboard of terminal 
5 TE or by validating a guideline "VALIDATE INSERTION OF ADDITIONAL 

CARD," displayed on the screen of the terminal after card C2 has been inserted in 
the reader, or automatically, via terminal TE, in response to a card presence 
message, transmitted by the distinct reader of terminal TE or integrated in the input- 
output interface 35, as in the case of card CI . Terminal TE then invites the first card 

10 CI , the SIM card, to interrogate the second card C2. 

According to the embodiment illustrated in Figure 2, everything takes place 
during subsequent phases El to E4, as if terminal TE - in fact, the microcontroller 
32 and the input-output interface 35 - were to be transparent to data exchanged 
between the two cards. 

15 In the next phase El, card CI reads and stores in memory EEPROM 12, 

service information items IS in memory EEPROM 22 of card C2 through terminal 
TE. The service information items contain the identifier IPA of the application 
program PA, the characteristics CPA, required for the execution of the program, and, 
quite often, an authentication request DA. The characteristics CPA are especially a 

20 type of software environment, a memory capacity, and material parameters of the 
terminal TE, necessary for the execution of program PA as well as an execution 
interdiction or authorization for the program PA outside the second card CA. Due to 
the information items IS read in the second card C2, the first card CI thus is 
informed of the nature of the application corresponding to the application program 

25 contained in the second card. 

If, in the following phase E2, the first card CI finds an incompatibility 
between terminal TE - including the SIM card CI - and the application program 
characteristics CPA, then card CI refuses to continue the pre-control procedure to a 
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phase E21, and reports a rejection to terminal TE so that it may display a message 
"ADDITIONAL CARD INCOMPATIBLE," 

In the opposite case, card CI decides to continue or not to continue the pre- 
control procedure to an intermediate phase E22. If card CI does not immediately 
5 continue the pre-control procedure, for example, on account of a call from the 
terminal, then card CI postpones the pre-control in order later on to recover the 
program PA or have it executed in card C2. 

If, after phase E22, the first card CI continues the pre-control procedure, it 
verifies - in the application program characteristics CPA read in card C2 - that an 
10 authentication by means of one of the cards is required through the second card C2 
in phase E3. 

In the absence of an authentication request, the pre-control procedure runs 
from phase E3 to phase E4, involving a decision as to the place v^here application 
program PA is to be executed. The place of program execution is chosen among the 

15 three entities that are the first card CI, called the SIM card, the second card C2, 
called the additional card, and the terminal TE, using the proactive Toolkit 
application cormnands of the SIM card with the terminal 

According to a first variant, application program PA is remotely loaded from 
the second card C2 into the first card CI through the software of the multiple 

20 cardreader for the Toolkit application, so that the application program PA may be 
executed in card CI in the next phase E5. 

According to a second variant, the program PA is executed in the second 
card C2 in phase E5. According to a first option, the program PA is launched in 
response to a command from the SIM card CI, which then leaves the initiative of 

25 exchanges of cormnands and responses, for the execution of the program, to terminal 
TE which communicates directly with the second card. According to a second 
option, the program PA is launched on the command of the SIM card CI and all of 
the exchanges of commands and responses are carried out between card C2 and 
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terminal TE through card CI which creates the illusion, in the terminal, of 
containing and executing the program PA itself. 

According to a third variant, the program PA is remotely loaded from the 
second card C2 into terminal TE and is executed in phase E5 in an execution 
5 software environment, implemented initially for this purpose in the terminal. 

After phase E4, the program PA, read in card C2, is executed in phase E5. 
This program supplies the subscriber with a service, for example, by indicating text 
menus on display 37, acquisition of subscriber data through the SIM card CI, 
dispatch of requests to the RR network or the RTC, and interpretation of responses 
10 to requests. 

According to another embodiment, the operations performed in the SIM card 
CI, dixring phases El to E4, and shown to the left in Figure 2, with the exception of 
those pertaining to mutual authentication described in detail below, are executed in 
terminal TE, that is to say, under the command of microcontroller 32. The terminal 
15 thus reads the service information items IS [IP A, CPA, DA] in Phase El and itself 
decides to continue the pre-control procedure for program execution in phases E2, 
E3,and E4. 

Going back now to phase E3 in Figure 2, the first card CI triggers a mutual 
authentication of cards when an authentication request DAI is contained in the 

20 service information items IS, read in card C2, and stored in card C 1 . According to 
the embodiment illustrated in Figure 3, mutual authentication comprises a first 
authentication Al of the second card C2 by the first card CI, then, in response to the 
authenticity of the second card, a second authentication A2 of the first card CI by 
the second card C2. However, according to another embodiment of the invention, 

25 the order of authentications is reversed: authentication A2 of card CI by card C2 is 
performed first, then, in response to the authenticity of the first card, comes 
authentication Al of card C2 by card CI . 

The first authentication Al makes sure that an application program, 
contained in an additional card, such as card C2, can be executed only when that 
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program is duly certified. Authentication Al comprises phases Al 1 to A15, 
illustrated in Figiire 3. 

During phase All - following phase E3 - the first card CI, the SIM card 
verifies that it contains a first authentication algorithm AAl, handled and written in 
5 memories ROM 1 1 and EEPROM 12. In the affirmative, card CI proceeds to the 
authentication of card C2 in phase A 12. If card C2 cannot be authenticated by card 
CI during phase All, then SIM card CI transmits - via terminal TE - a message 
asking for a first authentication fi*om authentication server S A, connected to visitor 
location recorder VLR, to which is temporarily attached terminal TE, through fixed 

10 network BTS-BSC-MSC; server SA proceeds directly to the authentication of card 
C2, instead and in place of card CI, according to one of the two first authentications 
described below, by way of example. In the last phase A14 of the first 
authentication Al by card CI or server SA, mutual authentication is continued 
through the second authentication A2 if card C2 is authenticated; if not, mutual 

15 authentication is stopped and the control procedure is terminated in phase A 15, 

while the SIM card transfers to the terminal TE the message "ADDITIONAL CARD 
NOT AUTHENTICATED" in order then to display it temporarily on display 37. 

According to a first embodiment, shown in Figure 4, a first authentication 
A12a of card C2 in card CI (or in server SA) involves validating a second card 

20 certificate CERT, transmitted beforehand in the service information items IS by card 
C2 to card CI during phase El essentially comprising four phases A120 to A124. 

During the first phase A 120, the application program identifier IP A of 
application program PA is read into memory EEPROM 12 of card CI. The 
identifier IPA serves as a reading address in a table of secret keys TKa, contained in 

25 memory 12, for the purpose of reading there a secret key Ka corresponding to 

program PA or to a family of programs, comprising program PA. The identifier IPA 
and key Ka are applied to an authentication algorithm AAl a which produces a result 
Rl in phase A121. The algorithm AAl a, for example, is of the DES (Data 
Encryption Standard) type, as the other authentication algorithms cited in the 
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description further on. The certificate CERT is read into card CI in phase A 122 to 
be compared to the result Rl in phase A123, equivalent to phase A14: if Rl = 
CERT, then certificate CERT is certified and card C2 is authenticated by card CI, 
while the authentication of card CI is executed in phase A2; if not, the 
5 authentication and pre-control process is stopped in phase A 15. 

Another first authentication A12b of card C2 in card CI is shown in Figure 
5. It comprises phases A124 to A129 and consists of validating, through card CI, 
the result SG of a calculation performed in the second card C2 as a function of a 
random number NA, transmitted by the first card CI . 

10 Following phase All, card C 1 selects a pseudo-random number NAl , 

supplied by a pseudo-random generator that processor 10 contains for the purpose of 
introducing it into an authentication request message transmitted to card C2 through 
terminal TE in phase A124. In response to the authentication request, the second 
card C2 temporarily stores the transmitted random number NAl in memory 23 and 

15 reads a secret key Kb in memory EEPROM 22 in phase A 125. In phase A 126, 

random number NAl and key Kb are applied to an authentication algorithm AAlb 
which produces a signature SG2. 

Almost simultaneously with phases A125 and A126, analogous phases A127 
and A128 are made in first card CL In phase A127, following the preparation of the 

20 authentication request message, random number NAl is written into memory RAM 
13 of card CI and identifier IP A is read into memory EEPROM 12 of card CI in 
order to address by reading a table of secret keys Kb in memory EEPROM 12. 
Then, in phase A128, random number NAl, read into memory 13, and key Kb read 
into table TKb, are applied to algorithm AAlb also implemented in memories ROM 

25 1 1 and EEPROM 1 2 of card CI . A result R2 is produced through algorithm AA 1 b 
in card CI. 

Finally, in phase A 129, the second card C2 transmits the signature SG2 to 
the first card CI through terminal TE to compare it to result R2, Phase A129, 
equivalent to phase A 14, authenticates card C2 in card CI if R2 = SG2, so as to 
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execute phase A20, or it rejects card C2 when R2 is different from SG2 and phase 
El 5 stops the authentication and pre-control procedure. 

In either of the first authentications, prior to phase A120, A124, secret keys 
Ka, Kb are loaded into memory EEPROM 12 of SIM card CI during the initial 
5 personalization of card CI at the time the user-owner of the card subscribes, or they 
are remotely loaded while using card CI, for example, if they are modified or 
supplemented. 

A third way to perform the first authentication involves transmitting the 
following in phase El, from the second card to the first card: an application program 

10 identifier IP A, a second card identifier, typically the serial number CSN for card 

serial number, in English, and a number RND as a function of the IPA and the CSN. 
If the first card already contains an authorization for the triplet IPA, CSN, RDN, 
then authentication has been accomplished successfiilly. On the other hand, if the 
first card does not yet have an authorization for this triplet, it contacts an 

15 authorization center by means of a secure chaimel and transmits to that authorization 
center the triplet IPA, CSN, RDN, as well as a unique number associated with the 
first card, such as its CSN, or the IMSI. 

The authorization center verifies that the triplet IPA, CSN, RDN corresponds 
to an authorized card in its data base. If this is not the case, the authorization center 

20 transmits to the first card a message indicating that the second card is not authorized. 
If the triplet corresponds to a second authorized card, the authorization center 
verifies in a database that the second card is not yet associated with another "first" 
card. If this is the case, the authorization center sends to the first card a message 
indicating that the authentication has failed. If the second card was not yet 

25 associated with a first card, the authorization center modifies the database so as to 
associate the second card with the first card, then the authorization center sends to 
the first card a message indicating that authentication was successful. The first card 
then stores the authorization to prevent re-contacting the authorization center during 
a later authentication phase. 
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In this third mode of implementation of the first authentication, one could, 
optionally, associate a second card no longer to only one first card but to a group of 
first cards, so as to permit the use of one and the same second card by a small group 
of users. 

5 Returning to Figure 3, the second authentication A2 has commenced if, in 

phase A14, the equality Rl = CERT, according to authentication A12a or the 
equality RESl = SG, according to authentication A12b is satisfied. Authentication 
A2 makes sure that the first card CI, the SIM card is duly enabled by the second 
card C2 to trigger and read application program PA in card C2. 
10 The second authentication A2 starts with a prior verification of the need for 

the latter during a phase A20 looking in the service information items IS, in memory 
12, for the presence of a second authentication request DA2. If authentication A2 
has not been executed due to the absence of authentication request DA2, then the 
pre-control procedure moves on directly to the determination of the precise place of 
15 execution of application program E4. In the alternative, phases A21 to A25 of the 
second authentication are executed, respectively, in a manner similar to phases Al 1 
to Al 5 of the first authentication Al . 

In phase A21, following phase A20, card CI verifies that it is capable of 
participating in the second authentication properly speaking. If it is not capable, 
20 card CI sends, through terminal TE, a message requesting second authentication of 
authentication server SA which participates in phase A23, in the second 
authentication, instead of and in place of card CI, as described below in detail in 
phase A22. At the end of A24 of phase A22 or A23 of the authentication of card CI 
with the participation of card CI or server SA through card C2, card CI is either 
25 authenticated and the pre-control procedure moves on to the phase determining the 
place of execution E4, or it is not authenticated, and the pre-control procedure is 
terminated in phase A25 through the presentation of a message "SIM CARD NOT 
AUTHORIZED" on display 37 of terminal TE. 
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According to a first embodiment shown in Figure 6, the second 
authentication A22a comprises phases A220 to A222 and consists of a transmission 
of a predetermined field of the international identity number IMSI (International 
Mobile Subscriber Identity) of the subscriber who owns the SIM card CI to the 
5 second card C2 and a comparison of the transmitted field to the number previously 
stored in card C2. 

In a phase A220, the field that was predetermined in the identity number 
IMSI, contained in memory 12 of card CI is read. The predetermined field, for 
example, is the call sign MNC (Mobile Network Code) with two digits, of the radio 

10 telephone network RR, to which the subscriber is connected, or the entire call sign, 
MNC and the call sign of the country MCC (Mobile Country Code) to which the 
network RR belongs, so that card C2, generally issued through the operator of 
network RR, will verify that the SIM card does indeed belong to the operator. 
According to another variant, the predetermined field is a prefix of the subscriber 

15 number MSIN (Mobile Subscriber Identification Number) that is common to a group 
of subscribers. 

In response to the predetermined field, for example, the call sign MNC, in 
card C2, an equivalent number MNC2 is read into memory 22, in phase A221. The 
following phase A222, equivalent to phase A24, compares the numbers MNC and 
20 MNC2 and directs the pre-control procedure to phase E4 when they are equal; 

otherwise, the authenticity of card CI is not recognized by card C2 which invites 
terminal TE directly or via the SIM card CI, to display the message of phase A25 
and the pre-control procedure is stopped. 

According to a second embodiment, shown in Figure 7, the second 
25 authentication A22b comprises phases A223 to A229 and involves validating, by 

card C2, the result SG3 of a calculation performed in the first card CI, as a function 
of a random number NA2, requested of card C2 by card C 1 . 

Following phase A21, card CI sends a message requesting a random number 
to card C2 via terminal TE in phase A223. Card CI in its memory EEPROM 22 
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reads a random number NA2 furnished by the processor 20 which it transmits via 
terminal TE to card CI that temporarily stores it in phase A224. In card CI, the 
random number request phase is followed up by a reading A225 of the application 
program identifier IPA in memory EEPROM 12. The identifier is used to address, 

5 through reading, the table of secret keys TC in order to read there a key C 

corresponding to application program PA, or to a family of programs, comprising 
program PA. The random number NA2 that is received and the key C that is read 
are then applied to a second authentication algorithm AA2 in card CI, fumishing a 
signature SG3 in phase A226, which signature is transmitted to card C2 via terminal 

10 TE. 

After the random number selection phase A224, in card C2, the key C in 
memory 22 is read with the random number NA2 in a phase A227 in order to apply 
them to the algorithm AA2 that is also implemented in memories 21 and 22 in card 
C2. Algorithm AA2 produces a result R3 in phase A228. The signature SG3, 

15 received through card C2, is compared to the result R3 in phase A229 which is 

equivalent to phase A24. Card CI is authenticated by card C2 when SG3 = R3 and 
the pre-control procedure moves on to phase E4. If not, when SG3 ^R3, card C2 
rejects card CI in phase A25 and the SIM card asks terminal TE to display the 
message "SIM CARD NOT AUTHORIZED" and the pre-control procedure is 

20 terminated. 

Generally speaking, if the authentication of card CI by card C2 fails, then all 
or a portion of the programs contained in card C2 remain illegible and cannot be 
executed. 

According to another embodiment of the invention, there is mutual 
25 authentication of two cards prior to the execution of the program of the second card, 
followed by authentication throughout the entire program execution session. At 
first, each of the cards generates a random number that it transmits to the other card. 
On the basis of the two random numbers, each card calculates a key called the 
session key. Each card applies an enciphering algorithm, using the session key for a 
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known message, such as the two random numbers, and gets an enciphered message. 
Each card transmits its enciphered message to the other card and verifies the 
authenticity of the enciphered message received from the other card. 

The execution of the program may be continued when the two cards have 

5 mutually authenticated each other. Throughout the entire program execution 

session, all messages transmitted from one card to the others are authenticated in the 
following manner: an algorithm is applied to the message to be transmitted so as to 
get a printout of said message. A signature algorithm, using the session key, is 
applied to the printout so as to get a signature that will be transmitted with the 

10 message to which it corresponds. When a card receives from another card a message 
with its signature, it recalculates a printout and a signature corresponding to the 
received message and verifies that this signature is identical to the one received with 
the message. 
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What is claimed is: 

1 , A process for pre-controUing the execution of a program contained in 
a second chip card, inserted in a terminal, in addition to a first chip card, containing 
data and connected to a telecommimication network to which the terminal is linked, 
comprising the step of authenticating one of the first and second cards by the other, 
prior to the execution of the program. 

2, The process in accordance with Claim 1 , wherein the authentication 
involves an authentication of the second card by the first card, and comprises the 
following steps: 

- applying an identifier of the program which is transmitted from the second 
card to the first card and a key to an algorithm, contained in the first card, to produce 
a result, and 

- comparing the result and a certificate which is transmitted by the second 
card to the first card in order to execute the program only in case the latter two are 
equal, 

3, The process in accordance with Claim 2, further including the step of 
selecting the key in a table of keys contained in the first card as a function of the 
program identifier. 

4, The process in accordance with Claim 1, wherein the authentication 
involves an authentication of the second card by the first card, and comprises the 
following steps: 

- transmitting a random number from the first card to the second card; 

- applying the transmitted random number and a key to an algorithm 
contained in the second card to produce a signature that is transmitted to the first 
card; 
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- applying the random number and a key to an algorithm contained in the 
first card to produce a result; and 

- comparing the result to the signature transmitted to the first card so as to 
execute the program only when the two are equal. 

5 5. The process in accordance with Claim 4, further including the step of 

selecting the key from a table of keys contained in the first card as a function of a 
program identifier transmitted from the second card to the first card. 

6. The process in accordance with Claim 1, wherein the authentication 
involves an authentication of the first card by the second card, and comprises the 
10 following steps: 

- transmitting a predetermined field of a number from the first card to the 
second card; and 

- comparing the predetermined field to a number in the second card so as to 
execute the program or to read its content only when the two are equal. 

15 7. The process in accordance with Claim 6, wherein the predetermined 

field comprises at least the call sign of the telecommunication network contained in 
an identity number of the first card. 

8. The process in accordance with Claim 1, wherein the authentication 
involves an authentication of the first card by the second card, and comprises the 
20 following steps: 

- reading a random number from the first card into the second card; 

- applying the random number and a key to an algorithm contained in the 
first card so as to produce a signature transmitted to the second card; 

- applying the random number and a key to an algorithm contained in the 
25 second card so as to produce a result; and 
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- comparing the result to the signature transmitted to the second card so as to 
execute the program or read its content only when the two are equal. 

9. The process in accordance with Claim 8, further including the step of 
selecting the key in a table of keys contained in a first card as a function of a 
program identifier transmitted by the second card to the first card. 

1 0. The process in accordance with Claim 1 , comprising a first 
authentication of one card by the other card and a second authentication of the other 
card by said one card which follows the first authentication when said one card is 
authenticated by the other card and which is followed by the execution of the 
program when the other card is authenticated by said one card. 

1 1 . The process in accordance with Claim 1 , wherein at least one part of 
the authentication is executed only in response to an authentication request, 
transmitted from the second card to the first card. 

12. The process in accordance with Claim 1 , wherein authentication steps 
are executed in a server of the telecommunication network in response to a request 
from the first card. 

13. The process according to Claim 1, further including the steps of 
reading of the characteristics for the execution of the program in the second card, by 
the first card or the terminal in response to an introduction of the second card in a 
reading means linked to the terminal, and analysis of the characteristics in 
comparison to the material and software capacities of the first card and/or the 
terminal to reject the second card when said characteristics are incompatible with the 
first card and/or the terminal. 
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14. The process in accordance with Claim 1, further including the step, 
between the authentication of card and the execution of the program, of remotely 
loading the program from the second card into the first card for a program execution 
in the first card. 

15. The process in accordance with Claim 1 , wherein the program is 
launched on command from the first card to be executed in the second card and 
exchanges of commands and responses are made between the second card and the 
terminal. 

16. The process of claim 15 wherein said exchanges are made directly 
between the second card and the terminal. 

17. The process of claim 15 wherein said exchanges between the second 
card and the terminal are made through the first card. 

18. The process in accordance with Claim 1 , fiarther including the step, 
between the authentication of card and the execution of program, of remotely 
loading the program from the second card into the terminal for program execution in 
the terminal, 

1 9. The process in accordance with Claim 1 , wherein the 
telecommunication network is a radio telephone network, the terminal is a mobile 
radio telephone terminal, and the first card is a subscriber identity card. 
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Abstract 

Prior to the execution of a program contained in a second chip card inserted 
in a terminal such as a mobile radio telephone terminal, in addition to a first chip 
card containing data and connected to a telecommunication network to which the 
terminal is linked, one of the cards is authenticated by the other, or the two cards are 
authenticated mutually. This double authentication ensures the authenticity of the 
program for its overall execution in the terminal and the origin of the second card, 
distributed through conventional channels, for the network operator. 
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